[bostik]

> I mean how can a DDOS generate revenue?

You rent out the capacity. Few hours of N Gbps flooding, courtesy of 20-30 thousand compromised home systems and IoT shitware units: tens to maybe low hundreds of dollars.

Now assume that's only a couple of percent of the total capacity under the botnet's control. Also, there are 24 hours in a day - once the current blaster's rental time expires, you have another one lined up already.

I recall seeing numbers in some fairly old Krebs article, but can't find it right now.

[graystevens]

Spot on - they’re often referred to as ‘stressers’ or ‘booters’, and can make a nice chunk of money. There’s always someone looking to knock someone off of Xbox Live or PSN, or even chance it and try to take down a popular website. Depending on the technique used and the size of the botnet, you can cause some sysadmins or SOCs a headache.

I’m sure anyone else in the ISP industry will tell you that anytime kids are off school (summer holidays or half term here in the UK) the DDoS alerts go up a notch or two.

[krageon]

A bit more than two notches I'd say. The correlation between those is pretty enormous.

[kankroc]

It's funny how a small industry is built around this. I remember a few years ago you could pay a monthly fee and they would have tiers and live support.

It wasn't very pricy for small attacks, sometimes even free for anything under 300 seconds.